user-grant-access creating grant rules for non existing databases

Bug #1302376 reported by shweta
This bug affects 1 person
Affects: OpenStack DBaaS (Trove)
Status: Invalid
Importance: Undecided
Assigned to: Pradeep Kumar Chandani
Milestone:

Bug Description

HOW TO REPRODUCE:

1. Create a user (if it does not exist).

ubuntu@shweta-test:~$ trove user-list b3e56616-fec8-4ff3-a31a-0260e80c5744
+-------+------+-----------+
| name  | host | databases |
+-------+------+-----------+
| user1 | %    |           |
+-------+------+-----------+

2. Run user-grant-access API with valid user and invalid database names

ubuntu@shweta-test:~$ trove user-grant-access b3e56616-fec8-4ff3-a31a-0260e80c5744 user1 asd
ubuntu@shweta-test:~$ trove user-grant-access b3e56616-fec8-4ff3-a31a-0260e80c5744 user1 jawkdweuif
ubuntu@shweta-test:~$ trove user-grant-access b3e56616-fec8-4ff3-a31a-0260e80c5744 user1 database1
ubuntu@shweta-test:~$ trove user-grant-access b3e56616-fec8-4ff3-a31a-0260e80c5744 user1 datasd

3. Now run user-show API. It will list databases on which the user is supposed to have access. It includes all the invalid database names which were passed in user-grant-access API.

ubuntu@shweta-test:~$ trove user-show b3e56616-fec8-4ff3-a31a-0260e80c5744 user1
+-----------+-------------------------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+-----------+-------------------------------------------------------------------------------------------------------------------------------------------+
| databases | [{u'name': u'asd'}, {u'name': u'database1'}, {u'name': u'datasd'}, {u'name': u'jawkdweuif'}, {u'name': u'nodb'}, {u'name': u'qweqrwqwe'}] |
| host | % |
| name | user1 |
+-----------+-------------------------------------------------------------------------------------------------------------------------------------------+

4. List the databases on the instance.
ubuntu@shweta-test:~$ trove database-list b3e56616-fec8-4ff3-a31a-0260e80c5744
+--------------------+
| name               |
+--------------------+
| database1          |
| performance_schema |
| test               |
+--------------------+

shweta (shweta)
Changed in trove:
assignee: nobody → shweta (shweta)
Changed in trove:
assignee: shweta (shweta) → Pradeep Kumar Chandani (pradeep-chandani)
Pradeep Kumar Chandani (pradeep-chandani) wrote :

This is an invalid bug... as in MySQL, a user can be granted on databases which don't exist.

Find the queries below for reference:

mysql> show databases;
+---------------------+
| Database            |
+---------------------+
| information_schema  |
| debdb2              |
| #mysql50#lost+found |
| mysql               |
| performance_schema  |
| test                |
| testdb              |
| testdb1             |
| testdb3             |
+---------------------+
9 rows in set (0.69 sec)

mysql> select User,Host from mysql.user;
+------------------+-----------+
| User             | Host      |
+------------------+-----------+
| @Db#$jai123      | %         |
| debuser2         | %         |
| jai              | %         |
| jai$@            | %         |
| debian-sys-maint | localhost |
| os_admin         | localhost |
| root             | localhost |
+------------------+-----------+

mysql> Grant ALL ON debdb2333.* TO 'debuser2@%' ;
Query OK, 0 rows affected (0.01 sec)

mysql> select grantee,table_schema from information_schema.SCHEMA_PRIVILEGES where privilege_type != 'USAGE' group by grantee , table_schema;
+-------------------+--------------+
| grantee           | table_schema |
+-------------------+--------------+
| ''@'%'            | test         |
| ''@'%'            | test\_%      |
| '@Db#$jai123'@'%' | db           |
| 'debuser2'@'%'    | db1          |
| 'debuser2@%'@'%'  | debdb2       |
| 'debuser2@%'@'%'  | debdb211     |
| 'debuser2@%'@'%'  | debdb2333    |
| 'jai$@'@'%'       | db           |
| 'jai'@'%'         | adf          |
| 'jai'@'%'         | asdf         |
| 'jai'@'%'         | db           |
| 'jai'@'%'         | debdb22      |
| 'jai'@'%'         | sdf          |
+-------------------+--------------+
13 rows in set (0.02 sec)

So from the above queries we can see that if we fire grant queries for a database that doesn't exist, it grants the access of that database to the user even though that database doesn't exist.

Changed in trove:
status: New → Invalid
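
An added example, not part of the original bug report or of Trove's code: because MySQL accepts grants on databases that do not exist, such a grant applies as soon as a database with a matching name is created, so it is worth auditing. This Python sketch compares rows from information_schema.SCHEMA_PRIVILEGES with the SHOW DATABASES list, treating `%` and `_` in a schema-level grant as wildcards and `\` as the escape. The function names are hypothetical, the sample rows are copied from the output quoted above, and case-sensitive database names are assumed.

```python
import re

def grant_pattern_to_regex(pattern):
    """Compile a MySQL schema-level grant pattern: '%' matches any run of
    characters, '_' one character, and a backslash makes the next one literal."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # escaped wildcard, e.g. \_
            i += 2
            continue
        out.append(".*" if ch == "%" else "." if ch == "_" else re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def dangling_grants(grants, databases):
    """Return the (grantee, pattern) rows whose pattern matches no database."""
    return [
        (grantee, pattern)
        for grantee, pattern in grants
        if not any(grant_pattern_to_regex(pattern).fullmatch(db) for db in databases)
    ]

# Rows copied from the SHOW DATABASES output quoted above.
DATABASES = ["information_schema", "debdb2", "#mysql50#lost+found", "mysql",
             "performance_schema", "test", "testdb", "testdb1", "testdb3"]

# A subset of the (grantee, table_schema) rows from SCHEMA_PRIVILEGES above.
GRANTS = [
    ("''@'%'", "test"),
    ("''@'%'", "test\\_%"),
    ("'debuser2@%'@'%'", "debdb2"),
    ("'debuser2@%'@'%'", "debdb2333"),
    ("'jai'@'%'", "debdb22"),
]

if __name__ == "__main__":
    for grantee, pattern in dangling_grants(GRANTS, DATABASES):
        print(f"grant without a matching database: {grantee} on {pattern}")
```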